From 2fe84ec895f686e4e473d5c3dfdcb029f72cd4aa Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang" <ezyang@mit.edu>
Date: Tue, 16 Jul 2013 23:54:15 -0700
Subject: [PATCH] Release 1.0.4

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
---
 NEWS.txt       | 18 ++++++++++++++++++
 csrf-magic.php |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/NEWS.txt b/NEWS.txt
index 9628a8c..66d52f6 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -1,6 +1,24 @@
 
                             [[     news     ]]
 
+1.0.4 released 2013-07-17
+
+  [SECURITY FIXES]
+
+    - When secret key was not explicitly set, it was not being used
+      by the csrf_hash() function.  Thanks sparticvs for reporting.
+
+  [FEATURES]
+
+    - The default 'CSRF check failed' page now offers a handy 'Try
+      again' button, which resubmits the form.
+
+  [BUG FIXES]
+
+    - The fix for 1.0.3 inadvertantly turned off XMLHttpRequest
+      overloading for all browsers; it has now been fixed to only
+      apply to IE.
+
 1.0.3 released 2012-01-31
 
  [BUG FIXES]
diff --git a/csrf-magic.php b/csrf-magic.php
index 45f833e..58f4eba 100644
--- a/csrf-magic.php
+++ b/csrf-magic.php
@@ -131,7 +131,7 @@ $GLOBALS['csrf']['xhtml'] = true;
 // FUNCTIONS:
 
 // Don't edit this!
-$GLOBALS['csrf']['version'] = '1.0.1';
+$GLOBALS['csrf']['version'] = '1.0.4';
 
 /**
  * Rewrites <form> on the fly to add CSRF tokens to them. This can also
-- 
2.11.4.GIT